CVE-2017-9022 and CVE-2017-9023: strongSwan DoS Vulnerabilities

Severity

Medium

Vendor

strongSwan

Versions Affected

CVE-2017-9022: strongSwan versions 4.4.0 and later, prior to 5.5.3

CVE-2017-9023: all strongSwan versions prior to 5.5.3

Description

It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2017-9022)

It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. A remote attacker could use this issue to cause strongSwan to hang, resulting in a denial of service. (CVE-2017-9023)
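
The ranges under Versions Affected can be turned into a triage check over version strings collected from an inventory. The following is an added example, not part of the original advisory or of strongSwan; the function names, the handling of `dr`/`rc` pre-release suffixes and the sample inputs are assumptions made for illustration.

```python
import re

# Version ranges copied from the advisory's "Versions Affected" section.
# first_affected is None where the advisory says "all versions prior to".
FIXED_IN = (5, 5, 3)
RANGES = {
    "CVE-2017-9022": ((4, 4, 0), FIXED_IN),
    "CVE-2017-9023": (None, FIXED_IN),
}

# x.y.z with an optional developer/release-candidate suffix (assumed to be
# the only pre-release markers in use, e.g. "5.5.3dr1", "5.5.3rc1").
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)((?:dr|rc)\d+)?")


def parse_version(text):
    """Return ((major, minor, patch), is_final) for the first version in text."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    release = tuple(int(part) for part in match.group(1, 2, 3))
    return release, match.group(4) is None


def affected_cves(version_text):
    """List the CVEs from this advisory whose range covers version_text."""
    release, is_final = parse_version(version_text)
    hits = []
    for cve, (first_affected, fixed_in) in RANGES.items():
        # A pre-release of the fixed version sorts before it, so it is
        # treated as still affected (conservative assumption).
        if (release, is_final) >= (fixed_in, True):
            continue
        if first_affected is not None and release < first_affected:
            continue
        hits.append(cve)
    return hits


if __name__ == "__main__":
    # Constructed sample inputs; the last one is shaped like a
    # "U<version>/K<kernel>" version banner (assumed format).
    for sample in ("4.3.6", "4.4.0", "5.5.2", "5.5.3rc1", "5.5.3",
                   "Linux strongSwan U5.3.5/K4.4.0-62-generic"):
        print(f"{sample}: {affected_cves(sample) or 'not affected'}")
```

The check compares upstream version numbers only; a distribution package that carries a backported fix under an older upstream version will still be reported as affected, so confirm against the package changelog.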